[openssl-commits] [openssl] master update
Matt Caswell
matt at openssl.org
Tue Apr 24 08:50:41 UTC 2018
The branch master has been updated
via 7500bc337ae61ff370c8e77bb018114d73dfcf18 (commit)
from 4753ad858c299a34815988907989c98d5285e57e (commit)
- Log -----------------------------------------------------------------
commit 7500bc337ae61ff370c8e77bb018114d73dfcf18
Author: Matt Caswell <matt at openssl.org>
Date: Mon Apr 23 14:02:23 2018 +0100
Allow TLSv1.3 EC certs to use compressed points
The spec does not prohib certs form using compressed points. It only
requires that points in a key share are uncompressed. It says nothing
about point compression for certs, so we should not fail if a cert uses a
compressed point.
Fixes #5743
Reviewed-by: Rich Salz <rsalz at openssl.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger at hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/6055)
-----------------------------------------------------------------------
Summary of changes:
ssl/t1_lib.c | 14 +++++++-------
test/ssl-tests/20-cert-select.conf | 6 +++++-
test/ssl-tests/20-cert-select.conf.in | 6 +++++-
3 files changed, 17 insertions(+), 9 deletions(-)
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index b698e2b..b777b3a 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -442,8 +442,11 @@ static int tls1_check_pkey_comp(SSL *s, EVP_PKEY *pkey)
if (EC_KEY_get_conv_form(ec) == POINT_CONVERSION_UNCOMPRESSED) {
comp_id = TLSEXT_ECPOINTFORMAT_uncompressed;
} else if (SSL_IS_TLS13(s)) {
- /* Compression not allowed in TLS 1.3 */
- return 0;
+ /*
+ * ec_point_formats extension is not used in TLSv1.3 so we ignore
+ * this check.
+ */
+ return 1;
} else {
int field_type = EC_METHOD_get_field_type(EC_GROUP_method_of(grp));
@@ -2435,7 +2438,7 @@ int tls_choose_sigalg(SSL *s, int fatalerrs)
if (SSL_IS_TLS13(s)) {
size_t i;
#ifndef OPENSSL_NO_EC
- int curve = -1, skip_ec = 0;
+ int curve = -1;
#endif
/* Look for a certificate matching shared sigalgs */
@@ -2458,11 +2461,8 @@ int tls_choose_sigalg(SSL *s, int fatalerrs)
EC_KEY *ec = EVP_PKEY_get0_EC_KEY(s->cert->pkeys[SSL_PKEY_ECC].privatekey);
curve = EC_GROUP_get_curve_name(EC_KEY_get0_group(ec));
- if (EC_KEY_get_conv_form(ec)
- != POINT_CONVERSION_UNCOMPRESSED)
- skip_ec = 1;
}
- if (skip_ec || (lu->curve != NID_undef && curve != lu->curve))
+ if (lu->curve != NID_undef && curve != lu->curve)
continue;
#else
continue;
diff --git a/test/ssl-tests/20-cert-select.conf b/test/ssl-tests/20-cert-select.conf
index 26da1c0..0a92bf8 100644
--- a/test/ssl-tests/20-cert-select.conf
+++ b/test/ssl-tests/20-cert-select.conf
@@ -971,7 +971,11 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-28]
-ExpectedResult = ServerFail
+ExpectedResult = Success
+ExpectedServerCANames = empty
+ExpectedServerCertType = P-256
+ExpectedServerSignHash = SHA256
+ExpectedServerSignType = EC
# ===========================================================
diff --git a/test/ssl-tests/20-cert-select.conf.in b/test/ssl-tests/20-cert-select.conf.in
index 62dfc52..51a158d 100644
--- a/test/ssl-tests/20-cert-select.conf.in
+++ b/test/ssl-tests/20-cert-select.conf.in
@@ -511,7 +511,11 @@ my @tests_tls_1_3 = (
"SignatureAlgorithms" => "ECDSA+SHA256",
},
test => {
- "ExpectedResult" => "ServerFail"
+ "ExpectedServerCertType" => "P-256",
+ "ExpectedServerSignHash" => "SHA256",
+ "ExpectedServerSignType" => "EC",
+ "ExpectedServerCANames" => "empty",
+ "ExpectedResult" => "Success"
},
},
{
More information about the openssl-commits
mailing list